Explorar el Código

[crypto] Use x509_name() in validator debug messages

Display a human-readable certificate name in validator debug messages
wherever possible.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown hace 5 años
padre
commit
447e5cd447
Se han modificado 1 ficheros con 68 adiciones y 37 borrados
  1. 68
    37
      src/net/validator.c

+ 68
- 37
src/net/validator.c Ver fichero

@@ -72,6 +72,18 @@ struct validator {
72 72
 			 size_t len );
73 73
 };
74 74
 
75
+/**
76
+ * Get validator name (for debug messages)
77
+ *
78
+ * @v validator		Certificate validator
79
+ * @ret name		Validator name
80
+ */
81
+static const char * validator_name ( struct validator *validator ) {
82
+
83
+	/* Use name of first certificate in chain */
84
+	return x509_name ( x509_first ( validator->chain ) );
85
+}
86
+
75 87
 /**
76 88
  * Free certificate validator
77 89
  *
@@ -81,7 +93,8 @@ static void validator_free ( struct refcnt *refcnt ) {
81 93
 	struct validator *validator =
82 94
 		container_of ( refcnt, struct validator, refcnt );
83 95
 
84
-	DBGC2 ( validator, "VALIDATOR %p freed\n", validator );
96
+	DBGC2 ( validator, "VALIDATOR %p \"%s\" freed\n",
97
+		validator, validator_name ( validator ) );
85 98
 	x509_chain_put ( validator->chain );
86 99
 	ocsp_put ( validator->ocsp );
87 100
 	xferbuf_free ( &validator->buffer );
@@ -165,8 +178,9 @@ static int validator_append ( struct validator *validator,
165 178
 
166 179
 	/* Enter certificateSet */
167 180
 	if ( ( rc = asn1_enter ( &cursor, ASN1_SET ) ) != 0 ) {
168
-		DBGC ( validator, "VALIDATOR %p could not enter "
169
-		       "certificateSet: %s\n", validator, strerror ( rc ) );
181
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not enter "
182
+		       "certificateSet: %s\n", validator,
183
+		       validator_name ( validator ), strerror ( rc ) );
170 184
 		goto err_certificateset;
171 185
 	}
172 186
 
@@ -176,15 +190,16 @@ static int validator_append ( struct validator *validator,
176 190
 		/* Add certificate to chain */
177 191
 		if ( ( rc = x509_append_raw ( certs, cursor.data,
178 192
 					      cursor.len ) ) != 0 ) {
179
-			DBGC ( validator, "VALIDATOR %p could not append "
180
-			       "certificate: %s\n",
181
-			       validator, strerror ( rc) );
193
+			DBGC ( validator, "VALIDATOR %p \"%s\" could not "
194
+			       "append certificate: %s\n", validator,
195
+			       validator_name ( validator ), strerror ( rc) );
182 196
 			DBGC_HDA ( validator, 0, cursor.data, cursor.len );
183 197
 			return rc;
184 198
 		}
185 199
 		cert = x509_last ( certs );
186
-		DBGC ( validator, "VALIDATOR %p found certificate %s\n",
187
-		       validator, x509_name ( cert ) );
200
+		DBGC ( validator, "VALIDATOR %p \"%s\" found certificate ",
201
+		       validator, validator_name ( validator ) );
202
+		DBGC ( validator, "%s\n", x509_name ( cert ) );
188 203
 
189 204
 		/* Move to next certificate */
190 205
 		asn1_skip_any ( &cursor );
@@ -193,15 +208,17 @@ static int validator_append ( struct validator *validator,
193 208
 	/* Append certificates to chain */
194 209
 	last = x509_last ( validator->chain );
195 210
 	if ( ( rc = x509_auto_append ( validator->chain, certs ) ) != 0 ) {
196
-		DBGC ( validator, "VALIDATOR %p could not append "
197
-		       "certificates: %s\n", validator, strerror ( rc ) );
211
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not append "
212
+		       "certificates: %s\n", validator,
213
+		       validator_name ( validator ), strerror ( rc ) );
198 214
 		goto err_auto_append;
199 215
 	}
200 216
 
201 217
 	/* Check that at least one certificate has been added */
202 218
 	if ( last == x509_last ( validator->chain ) ) {
203
-		DBGC ( validator, "VALIDATOR %p failed to append any "
204
-		       "applicable certificates\n", validator );
219
+		DBGC ( validator, "VALIDATOR %p \"%s\" failed to append any "
220
+		       "applicable certificates\n", validator,
221
+		       validator_name ( validator ) );
205 222
 		rc = -EACCES;
206 223
 		goto err_no_progress;
207 224
 	}
@@ -223,11 +240,12 @@ static int validator_append ( struct validator *validator,
223 240
  * Start download of cross-signing certificate
224 241
  *
225 242
  * @v validator		Certificate validator
226
- * @v issuer		Required issuer
243
+ * @v cert		X.509 certificate
227 244
  * @ret rc		Return status code
228 245
  */
229 246
 static int validator_start_download ( struct validator *validator,
230
-				      const struct asn1_cursor *issuer ) {
247
+				      struct x509_certificate *cert ) {
248
+	const struct asn1_cursor *issuer = &cert->issuer.raw;
231 249
 	const char *crosscert;
232 250
 	char *crosscert_copy;
233 251
 	char *uri_string;
@@ -261,8 +279,10 @@ static int validator_start_download ( struct validator *validator,
261 279
 			 crosscert, crc );
262 280
 	base64_encode ( issuer->data, issuer->len, ( uri_string + len ),
263 281
 			( uri_string_len - len ) );
264
-	DBGC ( validator, "VALIDATOR %p downloading cross-signed certificate "
265
-	       "from %s\n", validator, uri_string );
282
+	DBGC ( validator, "VALIDATOR %p \"%s\" downloading ",
283
+	       validator, validator_name ( validator ) );
284
+	DBGC ( validator, "\"%s\" cross-signature from %s\n",
285
+	       x509_name ( cert ), uri_string );
266 286
 
267 287
 	/* Set completion handler */
268 288
 	validator->done = validator_append;
@@ -270,8 +290,9 @@ static int validator_start_download ( struct validator *validator,
270 290
 	/* Open URI */
271 291
 	if ( ( rc = xfer_open_uri_string ( &validator->xfer,
272 292
 					   uri_string ) ) != 0 ) {
273
-		DBGC ( validator, "VALIDATOR %p could not open %s: %s\n",
274
-		       validator, uri_string, strerror ( rc ) );
293
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not open %s: "
294
+		       "%s\n", validator, validator_name ( validator ),
295
+		       uri_string, strerror ( rc ) );
275 296
 		goto err_open_uri_string;
276 297
 	}
277 298
 
@@ -307,16 +328,18 @@ static int validator_ocsp_validate ( struct validator *validator,
307 328
 
308 329
 	/* Record OCSP response */
309 330
 	if ( ( rc = ocsp_response ( validator->ocsp, data, len ) ) != 0 ) {
310
-		DBGC ( validator, "VALIDATOR %p could not record OCSP "
311
-		       "response: %s\n", validator, strerror ( rc ) );
331
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not record OCSP "
332
+		       "response: %s\n", validator,
333
+		       validator_name ( validator ),strerror ( rc ) );
312 334
 		return rc;
313 335
 	}
314 336
 
315 337
 	/* Validate OCSP response */
316 338
 	now = time ( NULL );
317 339
 	if ( ( rc = ocsp_validate ( validator->ocsp, now ) ) != 0 ) {
318
-		DBGC ( validator, "VALIDATOR %p could not validate OCSP "
319
-		       "response: %s\n", validator, strerror ( rc ) );
340
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not validate "
341
+		       "OCSP response: %s\n", validator,
342
+		       validator_name ( validator ), strerror ( rc ) );
320 343
 		return rc;
321 344
 	}
322 345
 
@@ -344,8 +367,9 @@ static int validator_start_ocsp ( struct validator *validator,
344 367
 	/* Create OCSP check */
345 368
 	assert ( validator->ocsp == NULL );
346 369
 	if ( ( rc = ocsp_check ( cert, issuer, &validator->ocsp ) ) != 0 ) {
347
-		DBGC ( validator, "VALIDATOR %p could not create OCSP check: "
348
-		       "%s\n", validator, strerror ( rc ) );
370
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not create OCSP "
371
+		       "check: %s\n", validator, validator_name ( validator ),
372
+		       strerror ( rc ) );
349 373
 		return rc;
350 374
 	}
351 375
 
@@ -354,12 +378,15 @@ static int validator_start_ocsp ( struct validator *validator,
354 378
 
355 379
 	/* Open URI */
356 380
 	uri_string = validator->ocsp->uri_string;
357
-	DBGC ( validator, "VALIDATOR %p performing OCSP check at %s\n",
358
-	       validator, uri_string );
381
+	DBGC ( validator, "VALIDATOR %p \"%s\" checking ",
382
+	       validator, validator_name ( validator ) );
383
+	DBGC ( validator, "\"%s\" via %s\n",
384
+	       x509_name ( cert ), uri_string );
359 385
 	if ( ( rc = xfer_open_uri_string ( &validator->xfer,
360 386
 					   uri_string ) ) != 0 ) {
361
-		DBGC ( validator, "VALIDATOR %p could not open %s: %s\n",
362
-		       validator, uri_string, strerror ( rc ) );
387
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not open %s: "
388
+		       "%s\n", validator, validator_name ( validator ),
389
+		       uri_string, strerror ( rc ) );
363 390
 		return rc;
364 391
 	}
365 392
 
@@ -385,11 +412,13 @@ static void validator_xfer_close ( struct validator *validator, int rc ) {
385 412
 
386 413
 	/* Check for errors */
387 414
 	if ( rc != 0 ) {
388
-		DBGC ( validator, "VALIDATOR %p transfer failed: %s\n",
389
-		       validator, strerror ( rc ) );
415
+		DBGC ( validator, "VALIDATOR %p \"%s\" transfer failed: %s\n",
416
+		       validator, validator_name ( validator ),
417
+		       strerror ( rc ) );
390 418
 		goto err_transfer;
391 419
 	}
392
-	DBGC2 ( validator, "VALIDATOR %p transfer complete\n", validator );
420
+	DBGC2 ( validator, "VALIDATOR %p \"%s\" transfer complete\n",
421
+		validator, validator_name ( validator ) );
393 422
 
394 423
 	/* Process completed download */
395 424
 	assert ( validator->done != NULL );
@@ -426,8 +455,9 @@ static int validator_xfer_deliver ( struct validator *validator,
426 455
 	/* Add data to buffer */
427 456
 	if ( ( rc = xferbuf_deliver ( &validator->buffer, iob_disown ( iobuf ),
428 457
 				      meta ) ) != 0 ) {
429
-		DBGC ( validator, "VALIDATOR %p could not receive data: %s\n",
430
-		       validator, strerror ( rc ) );
458
+		DBGC ( validator, "VALIDATOR %p \"%s\" could not receive "
459
+		       "data: %s\n", validator, validator_name ( validator ),
460
+		       strerror ( rc ) );
431 461
 		validator_finished ( validator, rc );
432 462
 		return rc;
433 463
 	}
@@ -471,6 +501,8 @@ static void validator_step ( struct validator *validator ) {
471 501
 	now = time ( NULL );
472 502
 	if ( ( rc = x509_validate_chain ( validator->chain, now, NULL,
473 503
 					  NULL ) ) == 0 ) {
504
+		DBGC ( validator, "VALIDATOR %p \"%s\" validated\n",
505
+		       validator, validator_name ( validator ) );
474 506
 		validator_finished ( validator, 0 );
475 507
 		return;
476 508
 	}
@@ -514,8 +546,7 @@ static void validator_step ( struct validator *validator ) {
514 546
 	/* Otherwise, try to download a suitable cross-signing
515 547
 	 * certificate.
516 548
 	 */
517
-	if ( ( rc = validator_start_download ( validator,
518
-					       &last->issuer.raw ) ) != 0 ) {
549
+	if ( ( rc = validator_start_download ( validator, last ) ) != 0 ) {
519 550
 		validator_finished ( validator, rc );
520 551
 		return;
521 552
 	}
@@ -567,8 +598,8 @@ int create_validator ( struct interface *job, struct x509_chain *chain ) {
567 598
 	/* Attach parent interface, mortalise self, and return */
568 599
 	intf_plug_plug ( &validator->job, job );
569 600
 	ref_put ( &validator->refcnt );
570
-	DBGC2 ( validator, "VALIDATOR %p validating X509 chain %p\n",
571
-		validator, validator->chain );
601
+	DBGC2 ( validator, "VALIDATOR %p \"%s\" validating X509 chain %p\n",
602
+		validator, validator_name ( validator ), validator->chain );
572 603
 	return 0;
573 604
 
574 605
 	validator_finished ( validator, rc );

Loading…
Cancelar
Guardar